Internet of Things (IoT) is used to define an environment where objects powered by sensors are always communicating with each other. ‘Dumb’ objects become ‘smart’ by connecting to the internet over an IP connection. Anything can have sensors attached to them: people, vehicles, pipelines, infrastructure, robots, and production lines, just to name a few.
Kevin Ashton coined the catchword Internet of Things (IoT) in 1999. At that time there were doubts about how this concept would work due to limitations of IP addresses and the fact that there was no viable method for these devices to be always on and communicating regularly with each other.
Fast forward to today and IPv6 has made it possible for billions of devices to have their unique IP address. Advancement in Wi-Fi and cellular wireless connectivity, improvements in battery technology and the availability of low-cost wireless embedded radios, the IoT has indeed arrived. This expansive change is expected to increase the number of smart connected devices by some estimates to 50 billion, or even more.
As consumers, we are already beginning to see IoT in action. From connected fitness devices to tracking the exact location of your shipment, the Internet of Things is all around us. Some examples of existing connected devices include smart lighting, dimmers, switches and outlets, smart cameras and doorbells, water leak detection and temperature monitoring, garage door controllers, smart thermostats, connected sprinklers, water heaters, fans and even window shades. These devices are making doors, windows, lights and home appliances smarter, yet more vulnerable than ever.
This list does not even include the wearables market from smartwatches and fitness devices to smart jewellery and clothing is poised to take the world by storm after making their presence felt in the initial surge.
With the rising popularity of a vast number of connected devices, it was only a matter of time that hackers began to take an interest in this technology. Security risks about IoT are growing rapidly. In fact, according to a recent study by HP titled “Internet of Things State of the Union Study” , 70% of IoT devices are vulnerable to attack. On an average, 25 vulnerabilities were found per device, totalling 250 vulnerabilities. This included privacy concerns, insufficient authorization, lack of transport encryption, insecure web interface and inadequate software protection.
For instance, recently intruders hacked into a baby monitor and and broke into the house after surveying the property. In another incident, 750,000 messages were sent as part of the junk mail campaign in 2013. The emails were routed through compromised gadgets such as smart refrigerators and televisions.
Businesses - from healthcare and education to manufacturing and logistics - are increasingly using IoT to safeguard personnel and communities, extend the life of assets, creates greater efficiencies across operations and go to market faster.
For instance, sensor data on soil content and moisture are enabling precision agriculture and helping farmers save on fertiliser, fuel and water. Another use case is when mining trucks and excavators autonomously extract valuable minerals from otherwise difficult to reach or dangerous areas. This list goes on.
In late 2014, a German steel mill was the target of a cyberattack when hackers successfully took control of the production software and caused significant material damage to the site. In another instance, hackers used a backdoor vulnerability that was easily available online to gain unauthorised access to the industrial control system of a New Jersey air conditioning company.
Cybersecurity in the world of IoT is not limited to just technology and can have serious business ramifications as well. Unfortunately, there is no single solution to counter every single cyber threat. With the number of IoT devices expanding, it is increasingly important to understand how you are being protected by the IoT vendors.
The silver lining is that tried and tested IT security controls that have been in place over the last couple of decades can also help to counter IoT threats. Of course, it is important that they are adapted to suit the devices and technology. Irrespective of whether you are a consumer or a business, it is essential to check if your IoT devices adhere to basic security controls.
These include providing the appropriate level of identification, privacy, and integrity of network communication and safeguarding data held on the device or within the system. Check for features which facilitate the ability to securely upgrade devices when vulnerabilities are discovered after release and ensuring that IoT devices can be safely managed and monitored. It is also important that your IoT device logs all connections enabling audibility and forensics.
The RISI Online Incident Database keeps a record of incidents of a cyber security nature that directly affect industrial Supervisory Control and Data Acquisition (SCADA) and process control systems, accidental cyber-related incidents, as well deliberate events such as external hacks, Denial of Service (DoS) attacks among others.
You may also like
Telcos: The Up-and-Coming Source of Big Data
Why you should look to your local operator for valuable business insights.
Cyber Security for the Internet of Everything
Securing your Enterprise in the digital age.
The new omnichannel multi-screen experience
What consumers want: Multi-screen experiences, personalisation, social shopping.